Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1999_2

NFR Wizards Archive: RE: ODBC in DMZ

RE: ODBC in DMZ

C. K. Lung (clunghotmail.com)
Thu, 15 Jul 1999 22:29:07 -0400

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: John McDonald: "RE: ODBC in DMZ"
Previous message: Todd Johnson: "Re: ODBC in DMZ"
Maybe in reply to: C. K. Lung: "ODBC in DMZ"
Next in thread: Stefan Norberg: "Re: ODBC in DMZ"
Reply: Stefan Norberg: "Re: ODBC in DMZ"

Hi Stefan;

Thank you for your detailed explanation. It is very useful.

What if we are using Oracle instead of MS SQL? Would it be the same? If I
have VPN, would it overcome the problem of clear text? Any input is greatly
appreciated.

Best regards,

C.K.

> -----Original Message-----
> From: Stefan Norberg [mailto:stnorsweden.hp.com]
> Sent: Thursday, July 15, 1999 5:16 AM
> To: C. K. Lung
> Subject: Re: ODBC in DMZ
>
>
> C.K.,
> ODBC is not a communications protocol. It relies on an underlying
> communications mechanism.
> For example:
> A client can access a MS SQL-server (using ODBC), via Named Pipes
> (yuck :P),
> MS RPC or TCP/IP Sockets (default port is 1433).
>
> In a DMZ I would recommend sockets, although this communication
> is in clear
> text, because it's only one port to open up.
>
> MS RPC is all high ports in all directions plus tcp/135. Named Pipes is
> NetBIOS-ssn (tcp/137).
>
> Use strong passwords. If possible - make the DB-replica read-only.
>
> /stefan
>
> -------------------------------------------------------------------
> Stefan Norberg (stnorsweden.hp.com)
> HP Consulting
> PGP-key: http://people.hp.se/stnor/stnor.asc
> KeyID: 2048-1024/0x06795314
> Fingerprint: FB30 E334 8F04 F7D6 1FE7 2DFA 31D9 9052 0679 5314
>
> ----- Original Message -----
> From: C. K. Lung <clunghotmail.com>
> To: Firewall-Wizards <firewall-wizardsnfr.net>
> Sent: Wednesday, July 14, 1999 02:34
> Subject: ODBC in DMZ
>
>
> > A user needs to use ODBC access a program in DMZ. Do I need to
> open ports
> > or/and socket to allow the access? What kind of security risk it would
> > post? Any comments/suggestions are greatly appreciated.
> >
> > Sincerely,
> >
> > C.K.
> >
>
>
>

Next message: John McDonald: "RE: ODBC in DMZ"
Previous message: Todd Johnson: "Re: ODBC in DMZ"
Maybe in reply to: C. K. Lung: "ODBC in DMZ"
Next in thread: Stefan Norberg: "Re: ODBC in DMZ"
Reply: Stefan Norberg: "Re: ODBC in DMZ"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:03 CDT